Cyber Incident Victim: Audio House
Date:
May 2021
Location:
Singapore
Summary
A consumer electronics retailer experienced a potential data breach when hacking group Altdos allegedly infiltrated its servers, possibly compromising customer names, contact details, email and home addresses, transaction records, and stored credits. The attackers employed blackmail tactics, threatening to leak information unless demands were met, mirroring previous incidents involving other regional businesses. The company confirmed payment data remained secure through third-party handling and assured the integrity of customer credits while collaborating with law enforcement and cybersecurity experts. Following the incident, the retailer temporarily suspended its website, enhanced firewall protections, and advised customers to ignore suspicious communications from the group.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around May 31, 2021, Singapore-based consumer electronics retailer Audio House was alerted that the hacking group Altdos might have gained unauthorized access to its servers. The group claimed to have stolen data from Audio House’s membership database and attempted to blackmail the company, threatening to use the incident as a case study to extort other firms. Audio House confirmed its database contained information on approximately 180,000 customers, including members’ names, email addresses, home delivery addresses, contact numbers, credits with the company, and past sales transaction records. The retailer clarified that no payment details or credit card information were compromised, as these were handled exclusively by a third-party payment gateway. Altdos communicated its threats via email, though Audio House stated it did not respond to the group’s demands. The company reported the incident to the police, who confirmed an investigation was underway, and engaged external web experts to assess the breach’s scope and severity.
Audio House implemented immediate containment measures, including strengthening its firewall and temporarily suspending its website to conduct additional security tests and system upgrades. The company notified customers via email, advising them to ignore any spam communications from Altdos and refrain from spreading unverified information that could amplify the hackers’ influence. Audio House assured customers their eCashback credits remained secure and usable for purchases. The incident mirrored Altdos’s earlier attack on furniture retailer Vhive in March 2021, where the group leaked customer data incrementally after its extortion demands were unmet. Cybersecurity experts noted that stolen personal information could facilitate targeted phishing attacks or ransomware deployment. Audio House apologized for the potential breach but emphasized no financial data was exposed, and its infrastructure enhancements aimed to prevent future intrusions.